<!DOCTYPE html>



  


<html class="theme-next pisces use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<script src="//cdn.bootcss.com/pace/1.0.2/pace.min.js"></script>
<link href="//cdn.bootcss.com/pace/1.0.2/themes/pink/pace-theme-flash.css" rel="stylesheet">
<style>
    .pace .pace-progress {
        background: #1E92FB; /*进度条颜色*/
        height: 3px;
    }
    .pace .pace-progress-inner {
         box-shadow: 0 0 10px #1E92FB, 0 0 5px     #1E92FB; /*阴影颜色*/
    }
    .pace .pace-activity {
        border-top-color: #1E92FB;    /*上边框颜色*/
        border-left-color: #1E92FB;    /*左边框颜色*/
    }
</style>
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">



  <meta name="google-site-verification" content="true">

<script data-ad-client="ca-pub-3331353808689126" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>







  <meta name="baidu-site-verification" content="true">







  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">




  
  
  
  

  
    
    
  

  
    
      
    

    
  

  

  
    
      
    

    
  

  
    
      
    

    
  

  
    
    
    <link href="https://fonts.cat.net/css?family=Lato:300,300italic,400,400italic,700,700italic|Roboto Slab:300,300italic,400,400italic,700,700italic|Lobster Two:300,300italic,400,400italic,700,700italic|PT Mono:300,300italic,400,400italic,700,700italic&subset=latin,latin-ext" rel="stylesheet" type="text/css">
  






<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">

<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="原理,框架,安全,springsecurity,">





  <link rel="alternate" href="/atom.xml" title="爱吃jelly的Jelly" type="application/atom+xml">






<meta name="description" content="简介 SpringSecurity 是一个灵活和强大的身份验证和访问控制的安全框架，它确保基于Spring的应用程序提供身份验证和授权支持。它与Spring MVC有很好地集成，并配备了流行的安全算法实现捆绑在一起。">
<meta name="keywords" content="原理,框架,安全,springsecurity">
<meta property="og:type" content="article">
<meta property="og:title" content="SpringSecurity浅析：原理篇">
<meta property="og:url" content="https://jelly54.github.io/springs-principle/index.html">
<meta property="og:site_name" content="爱吃jelly的Jelly">
<meta property="og:description" content="简介 SpringSecurity 是一个灵活和强大的身份验证和访问控制的安全框架，它确保基于Spring的应用程序提供身份验证和授权支持。它与Spring MVC有很好地集成，并配备了流行的安全算法实现捆绑在一起。">
<meta property="og:locale" content="zh-Hans">
<meta property="og:image" content="https://s2.ax1x.com/2019/10/18/KZGylR.jpg">
<meta property="og:image" content="https://s2.ax1x.com/2019/10/18/KZtAW4.jpg">
<meta property="og:image" content="https://s2.ax1x.com/2019/10/18/KZBVNq.png">
<meta property="og:updated_time" content="2020-03-07T03:47:15.884Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="SpringSecurity浅析：原理篇">
<meta name="twitter:description" content="简介 SpringSecurity 是一个灵活和强大的身份验证和访问控制的安全框架，它确保基于Spring的应用程序提供身份验证和授权支持。它与Spring MVC有很好地集成，并配备了流行的安全算法实现捆绑在一起。">
<meta name="twitter:image" content="https://s2.ax1x.com/2019/10/18/KZGylR.jpg">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Pisces',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="https://jelly54.github.io/springs-principle/">






  <meta name="baidu-site-verification" content="t21ZdXzSqf">



<meta name="google-site-verification" content="VmrkZiYJtPrIIH8zlY82aG2_l1Ykrp3JZ3HQbMt0qCo">

  <title>SpringSecurity浅析：原理篇 | 爱吃jelly的Jelly</title>
  








</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>
    
    <a href="https://github.com/jelly54" class="github-corner" aria-label="View source on GitHub"><svg width="80" height="80" viewbox="0 0 250 250" style="fill:#151513; color:#fff; position: absolute; top: 0; border: 0; right: 0;" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"/><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"/><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"/></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">爱吃jelly的Jelly</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle">就揪啾  就是 Jelly</p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br>
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br>
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br>
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/about/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br>
            
            关于作者
          </a>
        </li>
      

      
        <li class="menu-item menu-item-search">
          
            <a href="javascript:;" class="popup-trigger">
          
            
              <i class="menu-item-icon fa fa-search fa-fw"></i> <br>
            
            搜索
          </a>
        </li>
      
    </ul>
  

  
    <div class="site-search">
      
  <div class="popup search-popup local-search-popup">
  <div class="local-search-header clearfix">
    <span class="search-icon">
      <i class="fa fa-search"></i>
    </span>
    <span class="popup-btn-close">
      <i class="fa fa-times-circle"></i>
    </span>
    <div class="local-search-input-wrapper">
      <input autocomplete="off" placeholder="搜索..." spellcheck="false" type="text" id="local-search-input">
    </div>
  </div>
  <div id="local-search-result"></div>
</div>



    </div>
  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="https://jelly54.github.io/springs-principle/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Big Jelly">
      <meta itemprop="description" content>
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="爱吃jelly的Jelly">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">SpringSecurity浅析：原理篇</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2019-09-22T18:47:49+08:00">
                2019-09-22
              </time>
            

            

            
          </span>

          
            <span class="post-category">
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/SpringSecurity/" itemprop="url" rel="index">
                    <span itemprop="name">SpringSecurity</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
          

          
          

          

          
            <div class="post-wordcount">
              
                
                <span class="post-meta-item-icon">
                  <i class="fa fa-file-word-o"></i>
                </span>
                
                  <span class="post-meta-item-text">字数统计&#58;</span>
                
                <span title="字数统计">
                  2.8k
                </span>
              

              
                <span class="post-meta-divider">|</span>
              

              
                <span class="post-meta-item-icon">
                  <i class="fa fa-clock-o"></i>
                </span>
                
                  <span class="post-meta-item-text">阅读时长 &asymp;</span>
                
                <span title="阅读时长">
                  12
                </span>
              
            </div>
          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <h1 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h1><blockquote>
<p>SpringSecurity 是一个灵活和强大的身份验证和访问控制的安全框架，它确保基于Spring的应用程序提供身份验证和授权支持。它与Spring MVC有很好地集成，并配备了流行的安全算法实现捆绑在一起。</p>
</blockquote>
<a id="more"></a>

<h2 id="Spring-Security-模块"><a href="#Spring-Security-模块" class="headerlink" title="Spring Security 模块"></a>Spring Security 模块</h2><ul>
<li><strong>核心模块</strong> - spring-security-core.jar：包含核心验证和访问控制类和接口，远程支持的基本配置API，是基本模块。</li>
<li><strong>远程调用</strong> - spring-security-remoting.jar：提供与 Spring Remoting 集成。</li>
<li><strong>网页</strong> - spring-security-web.jar：包括网站安全的模块，提供网站认证服务和基于URL访问控制。</li>
<li><strong>配置</strong> - spring-security-config.jar：包含安全命令空间解析代码，若使用XML进行配置则需要。</li>
<li><strong>LDAP</strong> - spring-security-ldap.jar：LDAP 验证和配置，若需要LDAP验证和管理LDAP用户实体。</li>
<li><strong>ACL访问控制表</strong> - spring-security-acl.jar：ACL专门领域对象的实现。</li>
<li><strong>CAS</strong> - spring-security-cas.jar：CAS客户端继承，若想用CAS的SSO服务器网页验证。</li>
<li><strong>OpenID</strong> - spring-security-openid.jar：OpenID网页验证支持。</li>
<li><strong>Test</strong> - spring-security-test.jar：支持Spring Security的测试。</li>
</ul>
<h2 id="认证流程"><a href="#认证流程" class="headerlink" title="认证流程"></a>认证流程</h2><ol>
<li>用户使用用户名和密码登录。</li>
<li>用户名密码被过滤器（默认为UsernamePasswordAuthenticationFilter）获取到，封装成 Authentication。</li>
<li>token（Authentication实现类）传递给 AuthenticationManager 进行认证。</li>
<li>AuthenticationManager 认证成功后返回一个封装了用户权限信息的 Authentication 对象。</li>
<li>通过调用 SecurityContextHolder.getContext().setAuthentication(…) 将 Authentication 对象赋给当前的 SecurityContext。</li>
</ol>
<h1 id="启动原理"><a href="#启动原理" class="headerlink" title="启动原理"></a>启动原理</h1><h2 id="启动demo"><a href="#启动demo" class="headerlink" title="启动demo"></a>启动demo</h2><p>引入相关依赖后，根据Spring Security官方文档给出的例子创建类。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">@EnableWebSecurity</span><br><span class="line">public class WebSecurityConfig extends WebSecurityConfigurerAdapter &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception &#123;</span><br><span class="line">        auth</span><br><span class="line">            .inMemoryAuthentication()</span><br><span class="line">                .withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>以上我们便将spring security应用到我们的项目中了，上面的例子，在内存中配置了一个用户名为user,密码为password，并且拥有USER角色的用户。想要知道它是怎么运行的，请往下看。</p>
<p><strong>WebSecurityConfigurer的子类可以扩展spring security的应用,</strong> 而WebSecurityConfigurerAdapter是WebSecurityConfigurer 的一个适配器，必然也是做了很多默认的工作。</p>
<h2 id="入手-EnableWebSecurity注解"><a href="#入手-EnableWebSecurity注解" class="headerlink" title="入手 @EnableWebSecurity注解"></a>入手 @EnableWebSecurity注解</h2><p>跟进@EnableWebSecurity看下源码：</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">@Retention(RetentionPolicy.RUNTIME)</span><br><span class="line">@Target(&#123;ElementType.TYPE&#125;)</span><br><span class="line">@Documented</span><br><span class="line">@Import(&#123;WebSecurityConfiguration.class, SpringWebMvcImportSelector.class, OAuth2ImportSelector.class&#125;)</span><br><span class="line">@EnableGlobalAuthentication</span><br><span class="line">@Configuration</span><br><span class="line">public @interface EnableWebSecurity &#123;</span><br><span class="line">    boolean debug() default false;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p><strong>Tips：</strong></p>
<p>@EnableWebSecurity 配置到拥有注解 @Configuration 的类上，就可以获取到spring security的支持.</p>
<h3 id="跟进-SpringWebMvcImportSelector"><a href="#跟进-SpringWebMvcImportSelector" class="headerlink" title="跟进 SpringWebMvcImportSelector"></a>跟进 SpringWebMvcImportSelector</h3><p>SpringWebMvcImportSelector 的作用是判断当前的环境是否包含springmvc，因为spring security可以在非spring环境下使用，为了避免DispatcherServlet的重复配置，所以使用了这个注解来区分。</p>
<h3 id="跟进-EnableGlobalAuthentication"><a href="#跟进-EnableGlobalAuthentication" class="headerlink" title="跟进 @EnableGlobalAuthentication"></a>跟进 @EnableGlobalAuthentication</h3><p>注解的源码如下：</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">@Import(AuthenticationConfiguration.class)</span><br><span class="line">@Configuration</span><br><span class="line">public @interface EnableGlobalAuthentication &#123;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>可以看出，这个注解引入了AuthenticationConfiguration配置。而这个类用来配置认证相关，主要任务就是生成全局的身份认证管理者。AuthenticationManager：</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">@Configuration</span><br><span class="line">@Import(ObjectPostProcessorConfiguration.class)</span><br><span class="line">public class AuthenticationConfiguration &#123;</span><br><span class="line"></span><br><span class="line">    private AuthenticationManager authenticationManager;</span><br><span class="line"></span><br><span class="line">  	@Bean</span><br><span class="line">	public AuthenticationManagerBuilder authenticationManagerBuilder(</span><br><span class="line">			ObjectPostProcessor&lt;Object&gt; objectPostProcessor) &#123;</span><br><span class="line">		return new AuthenticationManagerBuilder(objectPostProcessor);</span><br><span class="line">	&#125;</span><br><span class="line">  </span><br><span class="line">  	public AuthenticationManager getAuthenticationManager() throws Exception &#123;</span><br><span class="line">    	...</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h3 id="跟进-WebSecurityConfiguration"><a href="#跟进-WebSecurityConfiguration" class="headerlink" title="跟进 WebSecurityConfiguration"></a>跟进 WebSecurityConfiguration</h3><p><img src="https://s2.ax1x.com/2019/10/18/KZGylR.jpg" alt="KZGylR.jpg"></p>
<h4 id="setFilterChainProxySecurityConfigurer（）方法"><a href="#setFilterChainProxySecurityConfigurer（）方法" class="headerlink" title="setFilterChainProxySecurityConfigurer（）方法"></a>setFilterChainProxySecurityConfigurer（）方法</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br></pre></td><td class="code"><pre><span class="line">@Autowired(required = false)</span><br><span class="line">public void setFilterChainProxySecurityConfigurer(</span><br><span class="line">        ObjectPostProcessor&lt;Object&gt; objectPostProcessor,</span><br><span class="line">        //T1 使用@Value获取到配置信息</span><br><span class="line">        @Value(&quot;#&#123;@autowiredWebSecurityConfigurersIgnoreParents.getebSecurityConfigurers()&#125;&quot;) List&lt;SecurityConfigurer&lt;Filter,WebSecurity&gt;&gt; webSecurityConfigurers)</span><br><span class="line">        throws Exception &#123;</span><br><span class="line">  </span><br><span class="line">     //T2 创建一个webSecurity 对象</span><br><span class="line">    webSecurity = objectPostProcessor</span><br><span class="line">            .postProcess(new WebSecurity(objectPostProcessor));</span><br><span class="line">    if (debugEnabled != null) &#123;</span><br><span class="line">        webSecurity.debug(debugEnabled);</span><br><span class="line">    &#125;</span><br><span class="line">            </span><br><span class="line">    //T3对configures进行排序</span><br><span class="line">    Collections.sort(webSecurityConfigurers,AnnotationAwareOrderComparator.INSTANCE);</span><br><span class="line">  </span><br><span class="line">     //T4对Order进行比较是否有相同的，由于前面进行了排序，只要比较后有相同的就可以</span><br><span class="line">    Integer previousOrder = null;</span><br><span class="line">    Object previousConfig = null;</span><br><span class="line">    for (SecurityConfigurer&lt;Filter, WebSecurity&gt; config :webSecurityConfigurers) &#123;</span><br><span class="line">        Integer order =AnnotationAwareOrderComparator.lookupOrder(config);</span><br><span class="line">        if (previousOrder != null &amp;&amp; previousOrder.equals(order)) &#123;</span><br><span class="line">            throw new IllegalStateException(</span><br><span class="line">                    &quot;@Order on WebSecurityConfigurers must beunique. Order of &quot;</span><br><span class="line">                            + order + &quot; was already used on &quot; +previousConfig + &quot;, so it cannot be usedon &quot;</span><br><span class="line">                            + config + &quot; too.&quot;);</span><br><span class="line">        &#125;</span><br><span class="line">        previousOrder = order;</span><br><span class="line">        previousConfig = config;</span><br><span class="line">    &#125;</span><br><span class="line">    for (SecurityConfigurer&lt;Filter, WebSecurity&gt;webSecurityConfigurer : webSecurityConfigurers) &#123;</span><br><span class="line">        //T5将配置信息配置到webSecurity中</span><br><span class="line">        webSecurity.apply(webSecurityConfigurer);</span><br><span class="line">    &#125;</span><br><span class="line">    this.webSecurityConfigurers = webSecurityConfigurers;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ol>
<li>上述代码中T1标记处，我们看一下autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()的源代码</li>
</ol>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">private final ConfigurableListableBeanFactory beanFactory;</span><br><span class="line"></span><br><span class="line">public List&lt;SecurityConfigurer&lt;Filter, WebSecurity&gt;&gt; getWebSecurityConfigurers() &#123;</span><br><span class="line">        List&lt;SecurityConfigurer&lt;Filter, WebSecurity&gt;&gt; webSecurityConfigurers = new ArrayList&lt;SecurityConfigurer&lt;Filter, WebSecurity&gt;&gt;();</span><br><span class="line">        Map&lt;String, WebSecurityConfigurer&gt; beansOfType = beanFactory</span><br><span class="line">                .getBeansOfType(WebSecurityConfigurer.class);</span><br><span class="line">        for (Entry&lt;String, WebSecurityConfigurer&gt; entry : beansOfType.entrySet()) &#123;</span><br><span class="line">            webSecurityConfigurers.add(entry.getValue());</span><br><span class="line">        &#125;</span><br><span class="line">        return webSecurityConfigurers;</span><br><span class="line">    &#125;</span><br></pre></td></tr></table></figure>

<p>这个beansOfType <strong>就是我们定义的继承自WebSecurityConfigurerAdapter的类，</strong> 通过查看父类的定义，我们知道调用build()方法最后返回的必须是一个Filter对象，可以自行参考顶级父类(或接口)WebSecurityConfigurer和SecurityBuilder</p>
<h4 id="springSecurityFilterChain（）"><a href="#springSecurityFilterChain（）" class="headerlink" title="springSecurityFilterChain（）"></a>springSecurityFilterChain（）</h4><p>为我们创建了一个名字叫做springSecurityFilterChain的Filter<br>源代码:</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * Creates the Spring Security Filter Chain</span><br><span class="line"> * @return the &#123;@link Filter&#125; that represents the security filterchain</span><br><span class="line"> * @throws Exception</span><br><span class="line"> */</span><br><span class="line">@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTR_NAME)</span><br><span class="line">public Filter springSecurityFilterChain() throws Exception &#123;</span><br><span class="line">    //T1 查看是否有WebSecurityConfigurer的相关配置</span><br><span class="line">    boolean hasConfigurers = webSecurityConfigurers != null</span><br><span class="line">            &amp;&amp; !webSecurityConfigurers.isEmpty();</span><br><span class="line">    //T2 如果没有，说明我们没有注入继承WebSecurityConfigurerAdapter的对象（没有创建其子类）</span><br><span class="line">    if (!hasConfigurers) &#123;</span><br><span class="line">                    </span><br><span class="line">        //T3 创建默认的配置信息WebSecurityConfigurerAdapter,保证SpringSecurity的</span><br><span class="line">        //最基础的功能，如果我们要有自定义的相关，一定要重配置</span><br><span class="line">        WebSecurityConfigurerAdapter adapter =objectObjectPostProcessor</span><br><span class="line">                .postProcess(new WebSecurityConfigurerAdapter() &#123;</span><br><span class="line">                &#125;);</span><br><span class="line">        //T4 默认配置信息载入webSecurity</span><br><span class="line">        webSecurity.apply(adapter);</span><br><span class="line">    &#125;</span><br><span class="line">    // T5这里build一个Filter</span><br><span class="line">    return webSecurity.build();</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>webSecurity对象在此时已经加载完所有的配置。</p>
<p>webSecurity对象为我们创建一个Filter通过的是build()方法。</p>
<p><strong>注意：</strong> 建立了一个Filter对象，而这个Filter将会拦截掉我们的请求，对请求进行过滤拦截，从而起到对资源进行认证保护的作用。然后这个Filter并非我们自己平时定义的Filter这么简单,这个过滤器也只是一个代理的过滤器而已，里面还会有过滤器链。</p>
<h3 id="WebSecurity的build-方法"><a href="#WebSecurity的build-方法" class="headerlink" title="WebSecurity的build()方法"></a>WebSecurity的build()方法</h3><p>WebSecurity继承了AbstractConfiguredSecurityBuilder类，实现了SecurityBuilder接口。</p>
<blockquote>
<p>事实上AbstractConfiguredSecurityBuilder类的父类AbstractSecurityBuilder也是实现了SecurityBuilder接口。子类和父类实现同一个接口。事实上是为了子类在反射调用方法getInterfaces()中可以获取到接口，根据这里的情况就是WebSecurity反射调用getInterfaces()可以获取到SecurityBuilder接口。</p>
</blockquote>
<h4 id="WebSecurity-类图"><a href="#WebSecurity-类图" class="headerlink" title="WebSecurity 类图"></a>WebSecurity 类图</h4><p><img src="https://s2.ax1x.com/2019/10/18/KZtAW4.jpg" alt="KZtAW4.jpg"></p>
<ul>
<li><p>SecurityBuilder定义了构建的接口标准</p>
</li>
<li><p>AbstractSecurityBuilder实现build方法,用AtomicBoolean的变量building保证多线程情况下，操作的原子性。此处采用的是模板模式。定义了doBuild()抽象方法,用来给子类实现。</p>
</li>
<li><p>AbstractConfiguredSecurityBuilder 继承AbstractSecurityBuilder实现doBuild()方法,也采用模板模式，定义了实现的具体的步骤，如UNBUILT，INITIALIZING,CONFIGURING,BUILDING，以及BUILT。</p>
</li>
</ul>
<p>我们看一下WebSecurity的定义</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">public final class WebSecurity extends</span><br><span class="line">        AbstractConfiguredSecurityBuilder&lt;Filter, WebSecurity&gt; implements</span><br><span class="line">        SecurityBuilder&lt;Filter&gt;, ApplicationContextAware &#123;</span><br><span class="line">        ...</span><br><span class="line">        ...</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>从上面的代码可以看出WebSecurity指定泛型的类型为Filter，结合上面接口build()方法我们可以知道，<strong>WebSecurity的build()方法返回的是一个Filter,Spring Securiy 通过这个来创建一个过滤器。</strong></p>
<h4 id="build-过程"><a href="#build-过程" class="headerlink" title="build()过程"></a>build()过程</h4><ul>
<li>AbstractSecurityBuilder保证了线程的安全。</li>
<li>AbstractConfiguredSecurityBuilder保证了构建过程以及构建状态。</li>
<li>WebSecurity通过performBuild()来实现自身的构建</li>
</ul>
<p>AbstractConfiguredSecurityBuilder的构建过程，我们看一下doBuild()方法的定义</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line">@Override</span><br><span class="line">protected final O doBuild() throws Exception &#123;</span><br><span class="line">    synchronized (configurers) &#123;</span><br><span class="line">        buildState = BuildState.INITIALIZING;</span><br><span class="line">        </span><br><span class="line">        //默认什么都没做，WebSecurity也没有重写</span><br><span class="line">        beforeInit(); </span><br><span class="line">        //T1默认此处调用WebSecurityConfigurerAdapter的init(finalWebSecurity web)方法</span><br><span class="line">        init(); </span><br><span class="line">        </span><br><span class="line">        buildState = BuildState.CONFIGURING;</span><br><span class="line">        </span><br><span class="line">        //默认什么都不做,WebSecurity没有重写</span><br><span class="line">        beforeConfigure(); </span><br><span class="line">        //调用WebSecurityConfigurerAdapter的configure(WbSecurity web)，但是什么都没做</span><br><span class="line">        configure();</span><br><span class="line">        </span><br><span class="line">        buildState = BuildState.BUILDING;</span><br><span class="line">        //T2这里调用WebSecurity的performBuild()方法</span><br><span class="line">        O result = performBuild();</span><br><span class="line">        </span><br><span class="line">        buildState = BuildState.BUILT;</span><br><span class="line">        </span><br><span class="line">        //从WebSecurity的实现，这里返回了一个Filter，完成构建过程</span><br><span class="line">        return result;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>T1 处调用WebSecurityConfigurerAdapter的init(final WebSecurity web)方法，看一下源代码的定义</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * @param web</span><br><span class="line"> * @throws Exception</span><br><span class="line"> */</span><br><span class="line">public void init(final WebSecurity web) throws Exception &#123;</span><br><span class="line">    //构建HttpSecurity对象</span><br><span class="line">    final HttpSecurity http = getHttp();</span><br><span class="line">    </span><br><span class="line">    //Ta</span><br><span class="line">    web.addSecurityFilterChainBuilder(http).postBuildAction(new Runnable() &#123;</span><br><span class="line">        public void run() &#123;</span><br><span class="line">            FilterSecurityInterceptor securityInterceptor = http</span><br><span class="line">                    .getSharedObject(FilterSecurityInterceptor.class);</span><br><span class="line">            web.securityInterceptor(securityInterceptor);</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li>这里构建了HttpSecurity对象，以及有一个共享对象FilterSecurityInterceptor。 </li>
<li>Ta 处调用了WebSecurity的addSecurityFilterChainBuilder()方法，我们看一下这个方法的源代码<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">public WebSecurity addSecurityFilterChainBuilder(</span><br><span class="line">            SecurityBuilder&lt;? extends SecurityFilterChain&gt; securityFilterChainBuilder) &#123;</span><br><span class="line">    //这个就是securityFilterChainBuilders变量</span><br><span class="line">    this.securityFilterChainBuilders.add(securityFilterChainBuilder);</span><br><span class="line">    return this;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

</li>
</ul>
<p>在构建Filter过程的初始化的时候，我们对securityFilterChainBuilders这个变量进行了赋值，默认情况下securityFilterChainBuilders里面只有一个对象，那就是HttpSecurity。</p>
<p>T2 根据WebSecurity的属性构建Filter的performBuild()方法</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br></pre></td><td class="code"><pre><span class="line">@Override</span><br><span class="line">protected Filter performBuild() throws Exception &#123;</span><br><span class="line">    Assert.state(</span><br><span class="line">            //T1  securityFilterChainBuilders哪里来的?</span><br><span class="line">            !securityFilterChainBuilders.isEmpty(),</span><br><span class="line">            () -&gt; &quot;At least one SecurityBuilder&lt;? extends SecurityFilterChain&gt; needs to be specified. &quot;</span><br><span class="line">                    + &quot;Typically this done by adding a @Configuration that extends WebSecurityConfigurerAdapter. &quot;</span><br><span class="line">                    + &quot;More advanced users can invoke &quot;</span><br><span class="line">                    + WebSecurity.class.getSimpleName()</span><br><span class="line">                    + &quot;.addSecurityFilterChainBuilder directly&quot;);</span><br><span class="line">    //T2 ignoredRequests.size()到底是什么？</span><br><span class="line">    int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();</span><br><span class="line">    //这个securityFilterChains 的集合里面存放的就是我们所有的过滤器链，根据长度的定义，</span><br><span class="line">    //我们也可以知道分为两种一个是通过 ignoredRequests 来的过滤器链,</span><br><span class="line">    //一个是通过 securityFilterChainBuilders 这个过滤器链构建链来的。</span><br><span class="line">    List&lt;SecurityFilterChain&gt; securityFilterChains = new ArrayList&lt;&gt;(</span><br><span class="line">            chainSize);</span><br><span class="line"></span><br><span class="line">    //如果是 ignoredRequest类型的，那么就添加默认过滤器链(DefaultSecurityFilterChain)</span><br><span class="line">    for (RequestMatcher ignoredRequest : ignoredRequests) &#123;</span><br><span class="line">        securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));</span><br><span class="line">    &#125;</span><br><span class="line">           </span><br><span class="line">    //如果是securityFilterChainBuilder类型的，那么通过securityFilterChainBuilder的build()方法来构建过滤器链</span><br><span class="line">    for (SecurityBuilder&lt;? extends SecurityFilterChain&gt; securityFilterChainBuilder : securityFilterChainBuilders) &#123;</span><br><span class="line">        securityFilterChains.add(securityFilterChainBuilder.build());</span><br><span class="line">    &#125;</span><br><span class="line">           </span><br><span class="line">    //将过滤器链交给一个过滤器链代理对象,而这个代理对象就是返回回去的</span><br><span class="line">    //过滤器。到这里为止，过滤器的过程已经结束</span><br><span class="line">    //T3 什么是FilterChainProxy? </span><br><span class="line">    FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);</span><br><span class="line">    if (httpFirewall != null) &#123;</span><br><span class="line">        filterChainProxy.setFirewall(httpFirewall);</span><br><span class="line">    &#125;</span><br><span class="line">    filterChainProxy.afterPropertiesSet();</span><br><span class="line"></span><br><span class="line">    Filter result = filterChainProxy;</span><br><span class="line">    if (debugEnabled) &#123;</span><br><span class="line">        logger.warn(&quot;\n\n&quot;</span><br><span class="line">                + &quot;********************************************************************\n&quot;</span><br><span class="line">                + &quot;**********        Security debugging is enabled.       *************\n&quot;</span><br><span class="line">                + &quot;**********    This may include sensitive information.  *************\n&quot;</span><br><span class="line">                + &quot;**********      Do not use in a production system!     *************\n&quot;</span><br><span class="line">                + &quot;********************************************************************\n\n&quot;);</span><br><span class="line">        result = new DebugFilter(filterChainProxy);</span><br><span class="line">    &#125;</span><br><span class="line">    postBuildAction.run();</span><br><span class="line">    return result;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ol>
<li><p>WebSecurity的securityFilterChainBuilders属性哪里来的？<br>见上边解释</p>
</li>
<li><p>ignoredRequest是什么？<br>ignoredRequests只是WebSecurity的一个属性 </p>
</li>
<li><p>ignoredRequests的list中的值从哪里来的呢？<br>我们可以看到里面有一个ignore()方法，通过这个来进行设置的<br>怎么设置呢，那我们得看看WebSecurityConfigurerAdapter这个类了，里面有一个configure方法供我们重写</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">public void configure(WebSecurity web) throws Exception &#123;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line">#具体的例子如下</span><br><span class="line">@Override</span><br><span class="line">public void configure(WebSecurity web) throws Exception &#123;</span><br><span class="line">    super.configure(web);</span><br><span class="line">    web.ignoring()</span><br><span class="line">           .mvcMatchers(&quot;/favicon.ico&quot;, &quot;/webjars/**&quot;, &quot;/css/**&quot;);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

</li>
</ol>
<blockquote>
<p>然后值得一提的是这里有多少个mvcMatchers就会创建多少个ignoredRequests的对象，也就会有多少个过滤器链，也是在WebSecurity里面定义的内部类IgnoredRequestConfigurer这个类里面。</p>
</blockquote>
<ol start="4">
<li>FilterChainProxy到底是什么<br>上面的描述中我们知道， FilterChainProxy是真正返回的Filter，上面代码中 FilterChainProxy的对象创建的源码为：<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);</span><br></pre></td></tr></table></figure>

</li>
</ol>
<h3 id="Filter实现的流程"><a href="#Filter实现的流程" class="headerlink" title="Filter实现的流程"></a>Filter实现的流程</h3><p><img src="https://s2.ax1x.com/2019/10/18/KZBVNq.png" alt="KZBVNq.png"></p>
<h3 id="小结"><a href="#小结" class="headerlink" title="小结"></a>小结</h3><p><strong>SpringSecurityFilterChain</strong> 是Spring Security认证的入口。集成Spring Boot集成之后，xml配置被java注解配置取代，也就是 <strong>在WebSecurityConfiguration中完成了声明springSecurityFilterChain的作用。</strong> 并且最终交给DelegatingFilterProxy这个代理类，负责拦截请求。</p>
<p>也就是说：<strong>@EnableWebSecurity完成的工作便是加载了WebSecurityConfiguration，AuthenticationConfiguration这两个核心配置类，也就此将spring security的职责划分为了配置安全信息，配置认证信息两部分。</strong> </p>
<h2 id="入手-WebSecurityConfigurerAdapter-适配器类。"><a href="#入手-WebSecurityConfigurerAdapter-适配器类。" class="headerlink" title="入手 WebSecurityConfigurerAdapter 适配器类。"></a>入手 WebSecurityConfigurerAdapter 适配器类。</h2><ul>
<li>HttpSecurity 通过getHttp()获取，后面会详细说到这个类</li>
<li>UserDetailsService 用户信息获取</li>
<li>AuthenticationManager 认证管理类</li>
<li></li>
</ul>
<p>SecurityContextHolder<br>SecurityContextHolder 用于存储安全上下文信息（如操作用户是谁、用户是否被认证、用户权限有哪些），它用 ThreadLocal 来保存 SecurityContext，者意味着 Spring Security 在用户登录时自动绑定到当前现场，用户退出时，自动清除当前线程认证信息，SecurityContext 中含有正在访问系统用户的详细信息</p>

      
    </div>
    
    
    
    <div>
      
        <div>
    
        <div style="text-align:center;color: #ccc;font-size:14px;">-------------本文结束 <i class="fa fa-paw"></i> 感谢您的阅读-------------</div>
    
</div>

      
    </div>
    <div>
      
        
<div class="my_post_copyright">
  <script src="//cdn.bootcss.com/clipboard.js/1.5.10/clipboard.min.js"></script>
  
  <!-- JS库 sweetalert 可修改路径 -->
  <script src="https://cdn.bootcss.com/jquery/2.0.0/jquery.min.js"></script>
  <script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
  <p><span>本文标题:</span><a href="/springs-principle/">SpringSecurity浅析：原理篇</a></p>
  <p><span>文章作者:</span><a href="/" title="访问 Big Jelly 的个人博客">Big Jelly</a></p>
  <p><span>发布时间:</span>2019年09月22日 - 18:47</p>
  <p><span>最后更新:</span>2020年03月07日 - 11:47</p>
  <p><span>原始链接:</span><a href="/springs-principle/" title="SpringSecurity浅析：原理篇">https://jelly54.github.io/springs-principle/</a>
    <span class="copy-path" title="点击复制文章链接"><i class="fa fa-clipboard" data-clipboard-text="https://jelly54.github.io/springs-principle/" aria-label="复制成功！"></i></span>
  </p>
  <p><span>许可协议:</span><i class="fa fa-creative-commons"></i> <a rel="license" href="https://creativecommons.org/licenses/by-nc-nd/4.0/" target="_blank" title="Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)">署名-非商业性使用-禁止演绎 4.0 国际</a> 转载请保留原文链接及作者。</p>  
</div>
<script> 
    var clipboard = new Clipboard('.fa-clipboard');
      $(".fa-clipboard").click(function(){
      clipboard.on('success', function(){
        swal({   
          title: "",   
          text: '复制成功',
          icon: "success", 
          showConfirmButton: true
          });
        });
    });  
</script>

      
    </div>
    

    
      <div>
        <div style="padding: 10px 0; margin: 20px auto; width: 90%; text-align: center;">
  <div>坚持原创技术分享，您的支持将鼓励我继续创作！</div>
  <button id="rewardButton" disable="enable" onclick="var qr = document.getElementById('QR'); if (qr.style.display === 'none') {qr.style.display='block';} else {qr.style.display='none'}">
    <span>打赏</span>
  </button>
  <div id="QR" style="display: none;">

    
      <div id="wechat" style="display: inline-block">
        <img id="wechat_qr" src="/images/wechatpay.png" alt="Big Jelly 微信支付">
        <p>微信支付</p>
      </div>
    

    
      <div id="alipay" style="display: inline-block">
        <img id="alipay_qr" src="/images/alipay.png" alt="Big Jelly 支付宝">
        <p>支付宝</p>
      </div>
    

    

  </div>
</div>

      </div>
    

    

    <footer class="post-footer">
      
        <div class="post-tags">
          
            <a href="/tags/原理/" rel="tag"><i class="fa fa-tag"></i> 原理</a>
          
            <a href="/tags/框架/" rel="tag"><i class="fa fa-tag"></i> 框架</a>
          
            <a href="/tags/安全/" rel="tag"><i class="fa fa-tag"></i> 安全</a>
          
            <a href="/tags/springsecurity/" rel="tag"><i class="fa fa-tag"></i> springsecurity</a>
          
        </div>
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/springs-start/" rel="next" title="SpringSecurity简单入门">
                <i class="fa fa-chevron-left"></i> SpringSecurity简单入门
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/shiro-principle/" rel="prev" title="Shiro浅析：原理篇">
                Shiro浅析：原理篇 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  
	<div id="gitalk-container"></div>

  

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- 展示广告 -->
<ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3331353808689126" data-ad-slot="4663393885" data-ad-format="auto" data-full-width-responsive="true"></ins>
<script>
     (adsbygoogle = window.adsbygoogle || []).push({});
</script>


        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
            
              <img class="site-author-image" itemprop="image" src="/images/avatar.jpg" alt="Big Jelly">
            
              <p class="site-author-name" itemprop="name">Big Jelly</p>
              <p class="site-description motion-element" itemprop="description">Nothing is easier than to deceive oneself</p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/archives/">
              
                  <span class="site-state-item-count">55</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/categories/index.html">
                  <span class="site-state-item-count">15</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-tags">
                <a href="/tags/index.html">
                  <span class="site-state-item-count">68</span>
                  <span class="site-state-item-name">标签</span>
                </a>
              </div>
            

          </nav>

          
            <div class="feed-link motion-element">
              <a href="/atom.xml" rel="alternate">
                <i class="fa fa-rss"></i>
                RSS
              </a>
            </div>
          

          
            <div class="links-of-author motion-element">
                
                  <span class="links-of-author-item">
                    <a rel="external nofollow" href="https://github.com/jelly54" target="_blank" title="GitHub">
                      
                        <i class="fa fa-fw fa-github"></i>GitHub</a>
                  </span>
                
                  <span class="links-of-author-item">
                    <a rel="external nofollow" href="mailto:jelly_54@163.com" target="_blank" title="E-Mail">
                      
                        <i class="fa fa-fw fa-envelope"></i>E-Mail</a>
                  </span>
                
            </div>
          

          
          

          
          
            <div class="links-of-blogroll motion-element links-of-blogroll-inline">
              <div class="links-of-blogroll-title">
                <i class="fa  fa-fw fa-link"></i>
                外链小站
              </div>
              <ul class="links-of-blogroll-list">
                
                  <li class="links-of-blogroll-item">
                    <a href="https://leetcode.com/" title="LeetCode" rel="external nofollow" target="_blank">LeetCode</a>
                  </li>
                
                  <li class="links-of-blogroll-item">
                    <a href="http://www.dooccn.com/" title="在线编辑代码" rel="external nofollow" target="_blank">在线编辑代码</a>
                  </li>
                
                  <li class="links-of-blogroll-item">
                    <a href="http://www.chuangzaoshi.com/code" title="创造狮导航" rel="external nofollow" target="_blank">创造狮导航</a>
                  </li>
                
                  <li class="links-of-blogroll-item">
                    <a href="http://24mail.chacuo.net/?utm_campaign=haruki&utm_content=note&utm_medium=reader_share&utm_source=qq" title="24Mail" rel="external nofollow" target="_blank">24Mail</a>
                  </li>
                
                  <li class="links-of-blogroll-item">
                    <a href="http://e.xitu.io/" title="掘金酱" rel="external nofollow" target="_blank">掘金酱</a>
                  </li>
                
              </ul>
            </div>
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#简介"><span class="nav-number">1.</span> <span class="nav-text">简介</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#Spring-Security-模块"><span class="nav-number">1.1.</span> <span class="nav-text">Spring Security 模块</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#认证流程"><span class="nav-number">1.2.</span> <span class="nav-text">认证流程</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#启动原理"><span class="nav-number">2.</span> <span class="nav-text">启动原理</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#启动demo"><span class="nav-number">2.1.</span> <span class="nav-text">启动demo</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#入手-EnableWebSecurity注解"><span class="nav-number">2.2.</span> <span class="nav-text">入手 @EnableWebSecurity注解</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#跟进-SpringWebMvcImportSelector"><span class="nav-number">2.2.1.</span> <span class="nav-text">跟进 SpringWebMvcImportSelector</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#跟进-EnableGlobalAuthentication"><span class="nav-number">2.2.2.</span> <span class="nav-text">跟进 @EnableGlobalAuthentication</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#跟进-WebSecurityConfiguration"><span class="nav-number">2.2.3.</span> <span class="nav-text">跟进 WebSecurityConfiguration</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#setFilterChainProxySecurityConfigurer（）方法"><span class="nav-number">2.2.3.1.</span> <span class="nav-text">setFilterChainProxySecurityConfigurer（）方法</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#springSecurityFilterChain（）"><span class="nav-number">2.2.3.2.</span> <span class="nav-text">springSecurityFilterChain（）</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#WebSecurity的build-方法"><span class="nav-number">2.2.4.</span> <span class="nav-text">WebSecurity的build()方法</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#WebSecurity-类图"><span class="nav-number">2.2.4.1.</span> <span class="nav-text">WebSecurity 类图</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#build-过程"><span class="nav-number">2.2.4.2.</span> <span class="nav-text">build()过程</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#Filter实现的流程"><span class="nav-number">2.2.5.</span> <span class="nav-text">Filter实现的流程</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#小结"><span class="nav-number">2.2.6.</span> <span class="nav-text">小结</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#入手-WebSecurityConfigurerAdapter-适配器类。"><span class="nav-number">2.3.</span> <span class="nav-text">入手 WebSecurityConfigurerAdapter 适配器类。</span></a></li></ol></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

      <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
      <!-- 侧边栏广告 -->
      <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3331353808689126" data-ad-slot="7563237003" data-ad-format="auto" data-full-width-responsive="true"></ins>
      <script>
      	(adsbygoogle = window.adsbygoogle || []).push({});
      </script>
    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright"> &copy; 2017 &mdash; <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Big Jelly</span>

</div>

<div class="powered-by">
	
		<span class="post-meta-item-icon">
			<i class="fa fa-area-chart"></i>
		</span>
		
			<span class="post-meta-item-text">Site words total count&#58;</span>
		
		<span title="Site words total count">140.8k</span>
	
  
	
		<script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>

		<span class="post-meta-divider">|</span>
		<span class="post-visit-item-icon">
			<i class="fa fa-user-md"></i>
		</span>
		<span class="busuanzi_container_site_uv">
			Visitors to this site: <span id="busuanzi_value_site_uv"></span>
		</span>
	
  


	
</div>
        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  


  











  
  
    <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  

  
  
    <script type="text/javascript" src="/lib/canvas-nest/canvas-nest.min.js"></script>
  


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>



  
  


  <script type="text/javascript" src="/js/src/affix.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/schemes/pisces.js?v=5.1.4"></script>



  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  












  <link rel="stylesheet" href="https://unpkg.com/gitalk/dist/gitalk.css">
  <script src="https://unpkg.com/gitalk/dist/gitalk.min.js"></script>
  <script src="/js/md5.min.js"></script>
   <script type="text/javascript">
        var gitalk = new Gitalk({
          clientID: 'ca31692554c3aea431f0',
          clientSecret: '1173c9e9c3c9038304c9a5b08929a359cae9f847',
          repo: 'jelly54.github.io',
          owner: 'jelly54',
          admin: ['jelly54'],
          id: md5(location.pathname),
          distractionFreeMode: 'true'
        })
        gitalk.render('gitalk-container')
       </script>

  

  <script type="text/javascript">
    // Popup Window;
    var isfetched = false;
    var isXml = true;
    // Search DB path;
    var search_path = "search.xml";
    if (search_path.length === 0) {
      search_path = "search.xml";
    } else if (/json$/i.test(search_path)) {
      isXml = false;
    }
    var path = "/" + search_path;
    // monitor main search box;

    var onPopupClose = function (e) {
      $('.popup').hide();
      $('#local-search-input').val('');
      $('.search-result-list').remove();
      $('#no-result').remove();
      $(".local-search-pop-overlay").remove();
      $('body').css('overflow', '');
    }

    function proceedsearch() {
      $("body")
        .append('<div class="search-popup-overlay local-search-pop-overlay"></div>')
        .css('overflow', 'hidden');
      $('.search-popup-overlay').click(onPopupClose);
      $('.popup').toggle();
      var $localSearchInput = $('#local-search-input');
      $localSearchInput.attr("autocapitalize", "none");
      $localSearchInput.attr("autocorrect", "off");
      $localSearchInput.focus();
    }

    // search function;
    var searchFunc = function(path, search_id, content_id) {
      'use strict';

      // start loading animation
      $("body")
        .append('<div class="search-popup-overlay local-search-pop-overlay">' +
          '<div id="search-loading-icon">' +
          '<i class="fa fa-spinner fa-pulse fa-5x fa-fw"></i>' +
          '</div>' +
          '</div>')
        .css('overflow', 'hidden');
      $("#search-loading-icon").css('margin', '20% auto 0 auto').css('text-align', 'center');

      $.ajax({
        url: path,
        dataType: isXml ? "xml" : "json",
        async: true,
        success: function(res) {
          // get the contents from search data
          isfetched = true;
          $('.popup').detach().appendTo('.header-inner');
          var datas = isXml ? $("entry", res).map(function() {
            return {
              title: $("title", this).text(),
              content: $("content",this).text(),
              url: $("url" , this).text()
            };
          }).get() : res;
          var input = document.getElementById(search_id);
          var resultContent = document.getElementById(content_id);
          var inputEventFunction = function() {
            var searchText = input.value.trim().toLowerCase();
            var keywords = searchText.split(/[\s\-]+/);
            if (keywords.length > 1) {
              keywords.push(searchText);
            }
            var resultItems = [];
            if (searchText.length > 0) {
              // perform local searching
              datas.forEach(function(data) {
                var isMatch = false;
                var hitCount = 0;
                var searchTextCount = 0;
                var title = data.title.trim();
                var titleInLowerCase = title.toLowerCase();
                var content = data.content.trim().replace(/<[^>]+>/g,"");
                var contentInLowerCase = content.toLowerCase();
                var articleUrl = decodeURIComponent(data.url);
                var indexOfTitle = [];
                var indexOfContent = [];
                // only match articles with not empty titles
                if(title != '') {
                  keywords.forEach(function(keyword) {
                    function getIndexByWord(word, text, caseSensitive) {
                      var wordLen = word.length;
                      if (wordLen === 0) {
                        return [];
                      }
                      var startPosition = 0, position = [], index = [];
                      if (!caseSensitive) {
                        text = text.toLowerCase();
                        word = word.toLowerCase();
                      }
                      while ((position = text.indexOf(word, startPosition)) > -1) {
                        index.push({position: position, word: word});
                        startPosition = position + wordLen;
                      }
                      return index;
                    }

                    indexOfTitle = indexOfTitle.concat(getIndexByWord(keyword, titleInLowerCase, false));
                    indexOfContent = indexOfContent.concat(getIndexByWord(keyword, contentInLowerCase, false));
                  });
                  if (indexOfTitle.length > 0 || indexOfContent.length > 0) {
                    isMatch = true;
                    hitCount = indexOfTitle.length + indexOfContent.length;
                  }
                }

                // show search results

                if (isMatch) {
                  // sort index by position of keyword

                  [indexOfTitle, indexOfContent].forEach(function (index) {
                    index.sort(function (itemLeft, itemRight) {
                      if (itemRight.position !== itemLeft.position) {
                        return itemRight.position - itemLeft.position;
                      } else {
                        return itemLeft.word.length - itemRight.word.length;
                      }
                    });
                  });

                  // merge hits into slices

                  function mergeIntoSlice(text, start, end, index) {
                    var item = index[index.length - 1];
                    var position = item.position;
                    var word = item.word;
                    var hits = [];
                    var searchTextCountInSlice = 0;
                    while (position + word.length <= end && index.length != 0) {
                      if (word === searchText) {
                        searchTextCountInSlice++;
                      }
                      hits.push({position: position, length: word.length});
                      var wordEnd = position + word.length;

                      // move to next position of hit

                      index.pop();
                      while (index.length != 0) {
                        item = index[index.length - 1];
                        position = item.position;
                        word = item.word;
                        if (wordEnd > position) {
                          index.pop();
                        } else {
                          break;
                        }
                      }
                    }
                    searchTextCount += searchTextCountInSlice;
                    return {
                      hits: hits,
                      start: start,
                      end: end,
                      searchTextCount: searchTextCountInSlice
                    };
                  }

                  var slicesOfTitle = [];
                  if (indexOfTitle.length != 0) {
                    slicesOfTitle.push(mergeIntoSlice(title, 0, title.length, indexOfTitle));
                  }

                  var slicesOfContent = [];
                  while (indexOfContent.length != 0) {
                    var item = indexOfContent[indexOfContent.length - 1];
                    var position = item.position;
                    var word = item.word;
                    // cut out 100 characters
                    var start = position - 20;
                    var end = position + 80;
                    if(start < 0){
                      start = 0;
                    }
                    if (end < position + word.length) {
                      end = position + word.length;
                    }
                    if(end > content.length){
                      end = content.length;
                    }
                    slicesOfContent.push(mergeIntoSlice(content, start, end, indexOfContent));
                  }

                  // sort slices in content by search text's count and hits' count

                  slicesOfContent.sort(function (sliceLeft, sliceRight) {
                    if (sliceLeft.searchTextCount !== sliceRight.searchTextCount) {
                      return sliceRight.searchTextCount - sliceLeft.searchTextCount;
                    } else if (sliceLeft.hits.length !== sliceRight.hits.length) {
                      return sliceRight.hits.length - sliceLeft.hits.length;
                    } else {
                      return sliceLeft.start - sliceRight.start;
                    }
                  });

                  // select top N slices in content

                  var upperBound = parseInt('1');
                  if (upperBound >= 0) {
                    slicesOfContent = slicesOfContent.slice(0, upperBound);
                  }

                  // highlight title and content

                  function highlightKeyword(text, slice) {
                    var result = '';
                    var prevEnd = slice.start;
                    slice.hits.forEach(function (hit) {
                      result += text.substring(prevEnd, hit.position);
                      var end = hit.position + hit.length;
                      result += '<b class="search-keyword">' + text.substring(hit.position, end) + '</b>';
                      prevEnd = end;
                    });
                    result += text.substring(prevEnd, slice.end);
                    return result;
                  }

                  var resultItem = '';

                  if (slicesOfTitle.length != 0) {
                    resultItem += "<li><a href='" + articleUrl + "' class='search-result-title'>" + highlightKeyword(title, slicesOfTitle[0]) + "</a>";
                  } else {
                    resultItem += "<li><a href='" + articleUrl + "' class='search-result-title'>" + title + "</a>";
                  }

                  slicesOfContent.forEach(function (slice) {
                    resultItem += "<a href='" + articleUrl + "'>" +
                      "<p class=\"search-result\">" + highlightKeyword(content, slice) +
                      "...</p>" + "</a>";
                  });

                  resultItem += "</li>";
                  resultItems.push({
                    item: resultItem,
                    searchTextCount: searchTextCount,
                    hitCount: hitCount,
                    id: resultItems.length
                  });
                }
              })
            };
            if (keywords.length === 1 && keywords[0] === "") {
              resultContent.innerHTML = '<div id="no-result"><i class="fa fa-search fa-5x" /></div>'
            } else if (resultItems.length === 0) {
              resultContent.innerHTML = '<div id="no-result"><i class="fa fa-frown-o fa-5x" /></div>'
            } else {
              resultItems.sort(function (resultLeft, resultRight) {
                if (resultLeft.searchTextCount !== resultRight.searchTextCount) {
                  return resultRight.searchTextCount - resultLeft.searchTextCount;
                } else if (resultLeft.hitCount !== resultRight.hitCount) {
                  return resultRight.hitCount - resultLeft.hitCount;
                } else {
                  return resultRight.id - resultLeft.id;
                }
              });
              var searchResultList = '<ul class=\"search-result-list\">';
              resultItems.forEach(function (result) {
                searchResultList += result.item;
              })
              searchResultList += "</ul>";
              resultContent.innerHTML = searchResultList;
            }
          }

          if ('auto' === 'auto') {
            input.addEventListener('input', inputEventFunction);
          } else {
            $('.search-icon').click(inputEventFunction);
            input.addEventListener('keypress', function (event) {
              if (event.keyCode === 13) {
                inputEventFunction();
              }
            });
          }

          // remove loading animation
          $(".local-search-pop-overlay").remove();
          $('body').css('overflow', '');

          proceedsearch();
        }
      });
    }

    // handle and trigger popup window;
    $('.popup-trigger').click(function(e) {
      e.stopPropagation();
      if (isfetched === false) {
        searchFunc(path, 'local-search-input', 'local-search-result');
      } else {
        proceedsearch();
      };
    });

    $('.popup-btn-close').click(onPopupClose);
    $('.popup').click(function(e){
      e.stopPropagation();
    });
    $(document).on('keyup', function (event) {
      var shouldDismissSearchPopup = event.which === 27 &&
        $('.search-popup').is(':visible');
      if (shouldDismissSearchPopup) {
        onPopupClose();
      }
    });
  </script>





  

  

  

  
  

  

  

  



  
<script type="text/javascript" color="0,0,255" opacity="0.7" zindex="-2" count="99" src="//cdn.bootcss.com/canvas-nest.js/1.0.0/canvas-nest.min.js"></script>


<!-- 页面点击小红心 -->
<script type="text/javascript" src="/js/src/love.js"></script>
<script src="/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script><script>L2Dwidget.init({"log":true,"model":{"scale":1,"jsonPath":"/live2dw/assets/miku.model.json"},"display":{"position":"right","width":200,"height":400,"hOffset":0,"vOffset":-5},"mobile":{"show":true,"scale":0.5},"react":{"opacity":0.9},"pluginJsPath":"lib/","pluginModelPath":"assets/","pluginRootPath":"live2dw/","tagMode":false});</script></body>
</html>
